
Crucial Point LLC


Compliance With Defense Federal Acquisition Regulations (DFARS) Enhanced Security Controls


All Department of Defense (DoD) contractors must comply with the mandates of the Defense Federal Acquisition Regulations (DFARS). The DFARS now have added requirements for companies to safeguard DoD information and put in place new incident response procedures.

The most important points:

  • Although security and the use of technology are touched on in many areas of the DFARS, the most significant changes are known as DFARS Part 252.204-7012. Most in the industry call the new changes “7012 Compliance”.
  • The acronym CDI stands for Covered Defense Information. CDI is any information that is provided to the contractor by or on behalf of DoD in connection with the contract. It is also any information collected, developed, received or transmitted by the contractor in performance of the contract.
  • Contractors must fully understand what CDI they create, process, store or transmit. CDI must be protected with adequate security controls, which are going to be as strong as or stronger than those reflected in NIST Special Publication 800-171.
  • Contractors must also be able to detect unauthorized access of CDI and have an incident response plan that complies with the DFARS guidance, including reporting requirements.
  • The cost of compliance is considered an allowable cost under Federal Acquisition Regulation (FAR)/Cost Accounting Standards (CAS).

Compliance is made much easier if you put a trusted advisor on your side. Crucial Point offers a scalable advisory model we call CTO-as-a-Service that can help you reach compliance fast. Contact us for a free consultation.
